Intrusion Prevention

ISC.BIND.EDNS0.Key-Tag.Memory.Leak.DoS

Description

This indicates an attack attempt on a Denial of Service Vulnerability in ISC BIND.
A remote, unauthenticated attacker can exploit this vulnerability by sending a large number of DNS requests with a large number of edns-key-tag options. Successful exploitation results in the exhaustion of system memory.

Affected Products

ISC BIND 9.10.7 -> 9.10.8-P1
ISC BIND 9.11.3 -> 9.11.5-P1
ISC BIND 9.12.0 -> 9.12.3-P1

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor supplied advisory for updates:
https://kb.isc.org/docs/cve-2018-5744

CVE References

CVE-2018-5744